Robert Falcone, Author at Unit 42

Fake CVE-2023-40477 Proof of Concept Leads to VenomRAT

4,978

people reacted

Fake CVE-2023-40477 Proof of Concept Leads to VenomRAT

By Robert Falcone
September 19, 2023 at 6:00 AM

10 min. read

A pictorial representation of a supply chain attack like that against 3CXDesktopApp

78,941

people reacted

Threat Brief: 3CXDesktopApp Supply Chain Attack (Updated)

By Robert Falcone and Josh Grunzweig
March 30, 2023 at 12:50 PM

8 min. read

A pictorial representation of the ProxyNotShell bypass threat brief

64,434

people reacted

Threat Brief: OWASSRF Vulnerability Exploitation

By Robert Falcone and Lior Rochberger
December 22, 2022 at 5:30 PM

9 min. read

A conceptual image representing a vulnerability, such as CVE-2022-22965, aka SpringShell, discussed here.

106,988

people reacted

CVE-2022-22965: Spring Core Remote Code Execution Vulnerability Exploited In the Wild (SpringShell) (Updated)

By Haozhe Zhang, Ken Hsu, Tao Yan, Qi Deng and Robert Falcone
March 31, 2022 at 4:30 PM

12 min. read

Threat Brief: Ongoing Russia and Ukraine Cyber Activity

86,786

people reacted

Threat Brief: Ongoing Russia and Ukraine Cyber Activity

By Robert Falcone, Mike Harbison and Josh Grunzweig
January 20, 2022 at 12:30 PM

8 min. read

A conceptual image representing a vulnerability, such as the Apache log4j remote code execution vulnerability discussed here, CVE-2021-44228.

309,647

people reacted

Another Apache Log4j Vulnerability Is Actively Exploited in the Wild (CVE-2021-44228) (Updated)

By Tao Yan, Qi Deng, Haozhe Zhang, Yu Fu, Josh Grunzweig, Mike Harbison and Robert Falcone
December 10, 2021 at 1:00 PM

471

15 min. read

A conceptual image symbolizing cybercrime and the use of backdoors, such as the activity we observed in an APT's TiltedTemple Campaign against ManageEngine ServiceDesk Plus, as discussed here.

63,375

people reacted

APT Expands Attack on ManageEngine With Active Campaign Against ServiceDesk Plus

By Robert Falcone and Peter Renals
December 2, 2021 at 6:00 AM

10 min. read

A conceptual image representing cybercrime, such as the use of the NGLite backdoor described here and the KdcSponge credential-stealing tool.

113,491

people reacted

Targeted Attack Campaign Against ManageEngine ADSelfService Plus Delivers Godzilla Webshells, NGLite Trojan and KdcSponge Stealer

By Robert Falcone, Jeff White and Peter Renals
November 7, 2021 at 6:00 PM

18 min. read

54,262

people reacted

Mespinoza Ransomware Gang Calls Victims “Partners,” Attacks with Gasket, "MagicSocks" Tools

By Robert Falcone, Alex Hinchliffe and Quinn Cooke
July 15, 2021 at 3:00 AM

23 min. read

A conceptual image representing the new cryptocurrency stealer, WeSteal.

49,924

people reacted

New Shameless Commodity Cryptocurrency Stealer (WeSteal) and Commodity RAT (WeControl)

By Robert Falcone and Simon Conant
April 29, 2021 at 12:01 AM

9 min. read

A conceptual image representing espionage, such as the attempted (but unsuccessful) credential harvesting discussed here.

45,128

people reacted

Actor Exploits Microsoft Exchange Server Vulnerabilities, Cortex XDR Blocks Harvesting of Credentials

By Robert Falcone
April 15, 2021 at 6:00 AM

8 min. read

The BumbleBee webshell, conceptually illustrated here, was discovered as part of an investigation of the continued xHunt campaign.

52,319

people reacted

xHunt Campaign: New BumbleBee Webshell and SSH Tunnels Used for Lateral Movement

By Robert Falcone
January 11, 2021 at 12:01 AM

25 min. read

Conceptual image illustrating Egregor ransomware.

40,303

people reacted

Threat Assessment: Egregor Ransomware

By Doel Santos, Brittany Barbehenn and Robert Falcone
December 8, 2020 at 6:00 PM

5 min. read

A conceptual image illustrating the concept of espionage, including the type of stealthy activity using backdoors that threat researchers observed the xHunt campaign using.

49,589

people reacted

xHunt Campaign: Newly Discovered Backdoors Using Deleted Email Drafts and DNS Tunneling for Command and Control

By Robert Falcone
November 9, 2020 at 12:00 AM

12 min. read

An illustration of the concept of ransomware, including Thanos

64,029

people reacted

Thanos Ransomware: Destructive Variant Targeting State-Run Organizations in the Middle East and North Africa

By Robert Falcone
September 4, 2020 at 6:00 AM

13 min. read

Posts created by: Robert Falcone

Fake CVE-2023-40477 Proof of Concept Leads to VenomRAT

Threat Brief: 3CXDesktopApp Supply Chain Attack (Updated)

Threat Brief: OWASSRF Vulnerability Exploitation

CVE-2022-22965: Spring Core Remote Code Execution Vulnerability Exploited In the Wild (SpringShell) (Updated)

Threat Brief: Ongoing Russia and Ukraine Cyber Activity

Another Apache Log4j Vulnerability Is Actively Exploited in the Wild (CVE-2021-44228) (Updated)

APT Expands Attack on ManageEngine With Active Campaign Against ServiceDesk Plus

Targeted Attack Campaign Against ManageEngine ADSelfService Plus Delivers Godzilla Webshells, NGLite Trojan and KdcSponge Stealer

Mespinoza Ransomware Gang Calls Victims “Partners,” Attacks with Gasket, "MagicSocks" Tools

New Shameless Commodity Cryptocurrency Stealer (WeSteal) and Commodity RAT (WeControl)

Actor Exploits Microsoft Exchange Server Vulnerabilities, Cortex XDR Blocks Harvesting of Credentials

xHunt Campaign: New BumbleBee Webshell and SSH Tunnels Used for Lateral Movement

Threat Assessment: Egregor Ransomware

xHunt Campaign: Newly Discovered Backdoors Using Deleted Email Drafts and DNS Tunneling for Command and Control

Thanos Ransomware: Destructive Variant Targeting State-Run Organizations in the Middle East and North Africa

Popular Resources

Legal Notices

Account

Trending

Popular Resources

Legal Notices

Account